Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Postbank Trojaner Legitimation den ChipTan Verfahrens

Postbank Trojaner Legitimation den ChipTan Verfahrens


Plagegeister aller Art und deren Bekämpfung: Postbank Trojaner Legitimation den ChipTan Verfahrens

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 24.03.2011, 04:53   #1
Tatin
 
Postbank Trojaner Legitimation den ChipTan Verfahrens - Standard

Postbank Trojaner Legitimation den ChipTan Verfahrens


Hallo,
ich hatte gestern beim Versuch mich ins Onlinebanking der Postbank einzuloggen ein Popup, dass sich über das normale Layout gelegt hat, in dem ich aufgefordert wurde zu Legitimation des neuen ChipTANverfahrens 99 gültige TANs einzugeben. Laut der suche bei google handelt es sich um einen Trojaner. Der Onlinezugang ist bereits gesperrt, und ich würde mich über Hilfe bei der Entfernung des Trojaners sehr freuen! Im besten Fall, ohne dass ich den PC komplett neu aufsetzen muss, sofern das möglich ist. Für die Hilfe bereits vorab ein großes DANKE!
Liebe Grüße Tatin


Ich habe die load.exe Datei heruntergeladen und bin der Anleitung gefolgt.
Hier nun die entsprechenden Logfiles:

OTL.txt:

Code:
ATTFilter
OTL logfile created on: 23.03.2011 09:44:10 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 408,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 82,82 Gb Total Space | 39,74 Gb Free Space | 47,98% Space Free | Partition Type: NTFS
Drive D: | 61,29 Gb Total Space | 38,77 Gb Free Space | 63,26% Space Free | Partition Type: NTFS
Drive F: | 971,63 Mb Total Space | 860,06 Mb Free Space | 88,52% Space Free | Partition Type: FAT
 
Computer Name: TATIN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.23 09:29:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2011.03.19 13:34:12 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.06 22:10:34 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.01 14:28:49 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.4\ICQ.exe
PRC - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.01.05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.12.11 19:35:06 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2010.12.08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Programme\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.11.18 13:09:44 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.18 13:09:42 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.29 14:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.19 02:12:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.05.19 18:39:44 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.01.23 08:49:54 | 000,416,768 | ---- | M] (ELANTECH Devices Corp.) -- C:\Programme\Elantech\ETDCtrl.exe
PRC - [2008.12.17 19:59:50 | 000,622,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2008.12.04 13:38:06 | 000,114,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsTray.exe
PRC - [2008.11.14 14:55:56 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008.09.02 07:26:16 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.09.02 07:26:16 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.05.21 01:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsEPCMon.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.23 09:29:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008.09.02 07:25:10 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.03.19 13:34:12 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.11.18 13:09:44 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.09.12 19:22:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.19 13:34:13 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.27 14:03:14 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 03:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.04.27 03:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.04.27 03:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.19 20:39:20 | 000,933,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008.09.23 18:15:00 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008.09.18 11:48:58 | 004,816,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.08.19 15:16:36 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.08.19 15:16:28 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.07.24 10:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.05.30 04:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.04.08 15:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2008.03.10 11:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008.02.04 10:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008.02.04 10:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007.10.25 17:26:10 | 000,005,632 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2006.05.09 16:47:10 | 000,024,521 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2006.05.09 16:46:42 | 000,155,216 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2006.05.09 16:46:42 | 000,155,216 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2006.02.23 16:16:36 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2005.06.29 10:21:24 | 000,019,328 | ---- | M] (WideView Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DTV_Loader_2X1.sys -- (DTV_Loader_2X1)
DRV - [2004.09.06 13:40:04 | 000,018,432 | ---- | M] (Computer & Entertainment, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DTV_Capture_2X0.sys -- (DTV_Capture_2X0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eeepc.asus.com/global
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.01.25 14:18:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.01.25 14:18:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.18 00:27:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.06 22:10:42 | 000,000,000 | ---D | M]
 
[2009.05.20 11:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2011.03.22 16:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jgfxtt62.default\extensions
[2010.08.22 11:33:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jgfxtt62.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.22 16:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.23 09:02:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.01.25 14:18:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.01.25 14:18:43 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.11.19 00:30:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009.09.02 06:26:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.15 23:57:03 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.15 23:57:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.09.12 18:55:13 | 000,003,700 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fast.png
[2009.09.12 18:55:13 | 000,001,963 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fast.xml
[2010.03.15 23:57:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.15 23:57:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.15 23:57:03 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Programme\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [***]  File not found
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SansaDispatch] C:\Dokumente und Einstellungen\***\Anwendungsdaten\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\userinit.exe: Debugger - C:\WINDOWS\system32\memb.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.05 08:18:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0bf2caaa-87fb-11df-ba5a-002243d0ab39}\Shell - "" = AutoRun
O33 - MountPoints2\{0bf2caaa-87fb-11df-ba5a-002243d0ab39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0bf2caaa-87fb-11df-ba5a-002243d0ab39}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{111d7dd2-9d67-11de-b87e-002243d0ab39}\Shell - "" = Autorun
O33 - MountPoints2\{111d7dd2-9d67-11de-b87e-002243d0ab39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{111d7dd2-9d67-11de-b87e-002243d0ab39}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-2-7-45-100010805-100017204-100005843-1119.com h:\
O33 - MountPoints2\{111d7dd2-9d67-11de-b87e-002243d0ab39}\Shell\Open\command - "" = RECYCLER\S-2-7-45-100010805-100017204-100005843-1119.com h:\
O33 - MountPoints2\{16dcdde5-6663-11de-b7e3-0022436ecc85}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{178cc37a-8698-11df-ba53-002243d0ab39}\Shell - "" = AutoRun
O33 - MountPoints2\{178cc37a-8698-11df-ba53-002243d0ab39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{178cc37a-8698-11df-ba53-002243d0ab39}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{178cc37e-8698-11df-ba53-002243d0ab39}\Shell - "" = AutoRun
O33 - MountPoints2\{178cc37e-8698-11df-ba53-002243d0ab39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{178cc37e-8698-11df-ba53-002243d0ab39}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{559bbcf2-f1b1-11de-b925-0022436ecc85}\Shell - "" = AutoRun
O33 - MountPoints2\{559bbcf2-f1b1-11de-b925-0022436ecc85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{559bbcf2-f1b1-11de-b925-0022436ecc85}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\{5984af82-8d30-11df-ba66-002243d0ab39}\Shell - "" = AutoRun
O33 - MountPoints2\{5984af82-8d30-11df-ba66-002243d0ab39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5984af82-8d30-11df-ba66-002243d0ab39}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{76b381c4-5d7a-11de-b7c1-002243d0ab39}\Shell - "" = AutoRun
O33 - MountPoints2\{76b381c4-5d7a-11de-b7c1-002243d0ab39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76b381c4-5d7a-11de-b7c1-002243d0ab39}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{76b381c8-5d7a-11de-b7c1-002243d0ab39}\Shell - "" = AutoRun
O33 - MountPoints2\{76b381c8-5d7a-11de-b7c1-002243d0ab39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76b381c8-5d7a-11de-b7c1-002243d0ab39}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{9f1ead0e-f47a-11de-b928-002243d0ab39}\Shell - "" = AutoRun
O33 - MountPoints2\{9f1ead0e-f47a-11de-b928-002243d0ab39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f1ead0e-f47a-11de-b928-002243d0ab39}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{b34e474e-886d-11df-ba5b-002243d0ab39}\Shell - "" = AutoRun
O33 - MountPoints2\{b34e474e-886d-11df-ba5b-002243d0ab39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b34e474e-886d-11df-ba5b-002243d0ab39}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f994519a-4311-11df-b9c0-002243d0ab39}\Shell\play\command - "" = C:\Programme\InterVideo\DVD8\WinDVD.exe -- [2008.12.29 11:57:16 | 002,233,624 | ---- | M] (InterVideo Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: vccdbqiuk -  File not found
 
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.23 09:42:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.03.23 09:41:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.03.23 09:41:22 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.03.23 09:29:12 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Dokumente und Einstellungen\***\Desktop\Erunt-setup.exe
[2011.03.23 09:29:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2011.03.23 09:29:12 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\TFC.exe
[2011.03.19 00:48:05 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\gegl-0.0
[2011.03.19 00:47:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GIMP
[2011.03.19 00:46:15 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2011.03.16 22:58:59 | 000,000,000 | ---D | C] -- C:\Programme\Yuna Software
[2011.02.23 09:03:45 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2009.03.10 12:42:27 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.23 09:41:23 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\NTREGOPT.lnk
[2011.03.23 09:41:23 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\ERUNT.lnk
[2011.03.23 09:35:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.03.23 09:29:28 | 000,301,568 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\g2m3e4r.exe
[2011.03.23 09:29:22 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Dokumente und Einstellungen\***\Desktop\Erunt-setup.exe
[2011.03.23 09:29:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2011.03.23 09:29:17 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\TFC.exe
[2011.03.22 23:41:33 | 000,069,632 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.22 23:21:45 | 000,742,874 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Load.exe
[2011.03.20 14:22:43 | 000,008,833 | ---- | M] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2011.03.19 13:34:13 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.03.19 00:47:35 | 000,000,780 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GIMP 2.lnk
[2011.03.14 14:42:44 | 000,365,461 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe
[2011.03.13 12:36:01 | 000,009,241 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Anleitung.html
[2011.03.12 19:20:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.03.11 00:06:25 | 000,558,713 | ---- | M] () -- C:\lxceunst.csv
[2011.03.09 00:40:43 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
 
========== Files Created - No Company Name ==========
 
[2011.03.23 09:41:23 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\NTREGOPT.lnk
[2011.03.23 09:41:23 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\ERUNT.lnk
[2011.03.23 09:29:12 | 000,301,568 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\g2m3e4r.exe
[2011.03.22 23:21:44 | 000,742,874 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Load.exe
[2011.03.20 14:22:43 | 000,008,833 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2011.03.19 00:47:35 | 000,000,780 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GIMP 2.lnk
[2011.03.13 12:41:20 | 000,009,241 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Anleitung.html
[2011.03.13 12:16:23 | 000,365,461 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe
[2011.03.11 00:05:22 | 000,558,713 | ---- | C] () -- C:\lxceunst.csv
[2011.01.10 21:08:54 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011.01.10 21:08:54 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011.01.10 21:08:37 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc
[2011.01.10 19:51:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2009.09.12 19:47:08 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009.06.25 15:59:15 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2009.06.20 10:26:48 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2009.05.27 02:01:15 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.05.27 02:01:15 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.05.27 01:55:35 | 000,069,632 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.20 19:11:47 | 000,003,342 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat
[2009.05.20 18:09:19 | 000,000,149 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.05.20 11:11:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.03.10 15:01:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.03.10 12:46:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uvcrecordfix.exe
[2009.03.10 12:46:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Sleep.exe
[2009.03.10 12:37:06 | 000,014,713 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009.03.10 12:35:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009.03.10 12:34:01 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009.02.05 08:21:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.02.05 08:16:01 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.02.05 08:10:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.02.05 08:09:07 | 001,903,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.02.05 08:02:56 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009.02.05 08:02:51 | 000,458,822 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2009.02.05 08:02:51 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2009.02.05 08:02:51 | 000,084,326 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2009.02.05 08:02:51 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2009.02.05 08:02:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.02.05 08:02:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.02.05 08:02:43 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009.02.05 08:02:43 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009.02.05 08:02:43 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009.02.05 08:02:43 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009.02.05 08:02:43 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.02.05 08:02:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.02.05 08:02:41 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.02.05 08:02:41 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009.02.05 08:02:39 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009.02.05 08:02:36 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\memb.exe
[2009.02.05 08:02:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.11.14 18:12:56 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2008.09.02 07:25:26 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.08.28 04:10:24 | 000,000,173 | ---- | C] () -- C:\WINDOWS\explorer.exe.config
[2008.07.30 19:31:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.04.08 14:43:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.02.10 23:34:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.02.11 00:21:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2011.01.11 02:14:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo
[2010.01.29 13:29:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2011.01.10 21:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2009.03.10 12:37:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wireless LAN Card
[2011.02.20 01:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.09 18:19:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.08.02 00:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Amazon
[2010.04.08 14:43:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canneverbe Limited
[2011.02.22 15:28:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon
[2010.05.18 10:10:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon Easy-WebPrint EX
[2010.08.22 11:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.03.20 14:22:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2011.03.23 09:46:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2009.05.27 01:56:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo
[2011.01.25 14:18:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Local
[2011.03.23 00:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Samsung
[2010.09.18 12:06:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SanDisk
[2009.07.21 09:09:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Template
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.08.16 01:03:06 | 000,000,000 | ---D | M] -- C:\171519c4f94b8837e649ff23c29b4e7b
[2009.05.20 18:09:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.09.04 12:16:57 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2009.03.10 12:34:36 | 000,000,000 | ---D | M] -- C:\Intel
[2009.06.19 11:23:44 | 000,000,000 | ---D | M] -- C:\Lexmark
[2009.03.10 13:00:42 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.03.23 09:41:22 | 000,000,000 | ---D | M] -- C:\Programme
[2009.05.20 11:29:14 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2009.12.29 19:33:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.06.19 11:23:54 | 000,000,000 | ---D | M] -- C:\Temp
[2011.03.23 09:42:17 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2008.05.07 09:34:00 | 015,523,560 | ---- | M] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-08 23:45:01

< End of report >



Extras.txt:


Code:
ATTFilter
OTL Extras logfile created on: 23.03.2011 09:44:10 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 408,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 82,82 Gb Total Space | 39,74 Gb Free Space | 47,98% Space Free | Partition Type: NTFS
Drive D: | 61,29 Gb Total Space | 38,77 Gb Free Space | 63,26% Space Free | Partition Type: NTFS
Drive F: | 971,63 Mb Total Space | 860,06 Mb Free Space | 88,52% Space Free | Partition Type: FAT
 
Computer Name: TATIN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\Nortel Networks\Extranet.exe" = C:\Programme\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client -- (Nortel Networks NA, Inc.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-05-12
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0BFF8D4-BF3B-4D05-85A1-EA62B96F6562}" = Collage Maker
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AndreaMosaicVersion3" = AndreaMosaic 3.21
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DTV_1.0" = DVB-T USB 2.0 
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Eee Storage" = Eee Storage 1.2.17.333
"Elantech" = ETDWare PS/2-x86 7.0.4.3 WHQL
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 4.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SecureW2 Client" = SecureW2 Client 3.1.2
"Sweet Home 3D_is1" = Sweet Home 3D version 2.3
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.02.2011 22:36:17 | Computer Name = TATIN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3989, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 12.02.2011 22:36:29 | Computer Name = TATIN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3989, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 13.02.2011 20:06:35 | Computer Name = TATIN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3989, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 28.02.2011 18:56:49 | Computer Name = TATIN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3989, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 11.03.2011 09:00:00 | Computer Name = TATIN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4079,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0000100b.
 
Error - 11.03.2011 12:17:55 | Computer Name = TATIN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4079,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0000100b.
 
Error - 13.03.2011 08:04:35 | Computer Name = TATIN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x05389290.
 
Error - 13.03.2011 09:57:01 | Computer Name = TATIN | Source = Bonjour Service | ID = 100
Description = DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0
 too short
 
Error - 15.03.2011 12:54:51 | Computer Name = TATIN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4079,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0000100b.
 
Error - 15.03.2011 17:33:40 | Computer Name = TATIN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.4079, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ OSession Events ]
Error - 04.07.2010 17:54:02 | Computer Name = TATIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25547
 seconds with 2160 seconds of active time.  This session ended with a crash.
 
Error - 16.07.2010 10:05:53 | Computer Name = TATIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15436
 seconds with 780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.03.2011 04:08:48 | Computer Name = TATIN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Microsoft System" wurde mit folgendem Fehler beendet: 
  %%126
 
Error - 23.03.2011 04:30:00 | Computer Name = TATIN | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 23.03.2011 04:30:00 | Computer Name = TATIN | Source = Service Control Manager | ID = 7034
Description = Dienst "IviRegMgr" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 23.03.2011 04:30:00 | Computer Name = TATIN | Source = Service Control Manager | ID = 7034
Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 23.03.2011 04:30:00 | Computer Name = TATIN | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 23.03.2011 04:30:00 | Computer Name = TATIN | Source = Service Control Manager | ID = 7034
Description = Dienst "NMSAccess" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 23.03.2011 04:30:00 | Computer Name = TATIN | Source = Service Control Manager | ID = 7034
Description = Dienst "SeaPort" wurde unerwartet beendet. Dies ist bereits 1 Mal 
passiert.
 
Error - 23.03.2011 04:30:00 | Computer Name = TATIN | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 23.03.2011 04:30:01 | Computer Name = TATIN | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 23.03.2011 04:36:02 | Computer Name = TATIN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Microsoft System" wurde mit folgendem Fehler beendet: 
  %%126
 
 
< End of report >



GMER.txt

Code:
ATTFilter
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-23 20:06:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160310AS rev.0303
Running: g2m3e4r.exe; Driver: C:\DOKUME~1\KATHRI~1\LOKALE~1\Temp\axtdipog.sys


---- System - GMER 1.0.15 ----

SSDT            F7C7E85E                                                                                           ZwCreateKey
SSDT            F7C7E854                                                                                           ZwCreateThread
SSDT            F7C7E863                                                                                           ZwDeleteKey
SSDT            F7C7E86D                                                                                           ZwDeleteValueKey
SSDT            F7C7E872                                                                                           ZwLoadKey
SSDT            F7C7E840                                                                                           ZwOpenProcess
SSDT            F7C7E845                                                                                           ZwOpenThread
SSDT            F7C7E87C                                                                                           ZwReplaceKey
SSDT            F7C7E877                                                                                           ZwRestoreKey
SSDT            F7C7E868                                                                                           ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2C88                                                               80504524 4 Bytes  CALL 12073CF0 
.text           ntkrnlpa.exe!ZwCallbackReturn + 2CB8                                                               80504554 4 Bytes  CALL EFBF3D20 
.text           ntkrnlpa.exe!ZwCallbackReturn + 2CE0                                                               8050457C 4 Bytes  CALL D2DB3D48 
.text           ntkrnlpa.exe!ZwCallbackReturn + 2CE8                                                               80504584 4 Bytes  CALL 12BF3D50 
.text           ntkrnlpa.exe!ZwCallbackReturn + 2D6C                                                               80504608 4 Bytes  CALL DF713DD4 
.text           ...                                                                                                

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\Explorer.EXE[184] kernel32.dll!CreateProcessW                                           7C802336 5 Bytes  JMP 01450D5C 
.text           C:\WINDOWS\Explorer.EXE[184] WININET.dll!InternetCloseHandle                                       408C4261 5 Bytes  JMP 0144FC54 
.text           C:\WINDOWS\Explorer.EXE[184] WININET.dll!HttpQueryInfoA                                            408C7407 5 Bytes  JMP 0144FBF8 
.text           C:\WINDOWS\Explorer.EXE[184] WININET.dll!HttpOpenRequestA                                          408CAA5B 5 Bytes  JMP 0144D684 
.text           C:\WINDOWS\Explorer.EXE[184] WININET.dll!InternetConnectA                                          408CB0B2 5 Bytes  JMP 0144D390 
.text           C:\WINDOWS\Explorer.EXE[184] WININET.dll!InternetReadFile                                          408D13D4 5 Bytes  JMP 0144F9A4 
.text           C:\WINDOWS\Explorer.EXE[184] WININET.dll!InternetQueryDataAvailable                                408D1615 5 Bytes  JMP 0144F674 
.text           C:\WINDOWS\Explorer.EXE[184] WININET.dll!InternetOpenA                                             408D3081 5 Bytes  JMP 0144D33C 
.text           C:\WINDOWS\Explorer.EXE[184] WININET.dll!HttpSendRequestA                                          408D3558 5 Bytes  JMP 0144E5A8 
.text           C:\WINDOWS\Explorer.EXE[184] WININET.dll!HttpSendRequestW                                          408DFDF9 5 Bytes  JMP 0144EC68 
.text           C:\WINDOWS\Explorer.EXE[184] WININET.dll!InternetReadFileExW                                       408E334C 5 Bytes  JMP 0144FB90 
.text           C:\WINDOWS\Explorer.EXE[184] WININET.dll!InternetReadFileExA                                       408E3384 5 Bytes  JMP 0144FB28 
.text           C:\WINDOWS\system32\winlogon.exe[1604] ntdll.dll!NtSetValueKey                                     7C91DDCE 5 Bytes  JMP 01A14B8C 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                                           fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                           fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet003\Services\vccdbqiuk@DisplayName                                           Microsoft System
Reg             HKLM\SYSTEM\ControlSet003\Services\vccdbqiuk@Type                                                  32
Reg             HKLM\SYSTEM\ControlSet003\Services\vccdbqiuk@Start                                                 2
Reg             HKLM\SYSTEM\ControlSet003\Services\vccdbqiuk@ErrorControl                                          0
Reg             HKLM\SYSTEM\ControlSet003\Services\vccdbqiuk@ImagePath                                             %SystemRoot%\system32\svchost.exe -k netsvcs
Reg             HKLM\SYSTEM\ControlSet003\Services\vccdbqiuk@ObjectName                                            LocalSystem
Reg             HKLM\SYSTEM\ControlSet003\Services\vccdbqiuk@Description                                           Erstellt und wartet Clientnetzwerkverbindungen mit Remoteservern. Diese Verbindungen sind nicht mehr verf?gbar, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, k?nnen die Dienste, die von diesem Dienst ausschlie?lich abh?ngig sind, nicht mehr gestartet werden.
Reg             HKLM\SYSTEM\ControlSet003\Services\vccdbqiuk\Parameters (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet003\Services\vccdbqiuk\Parameters@ServiceDll                                 C:\WINDOWS\system32\yycpnsp.dll
Reg             HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\1546873414\Groups@?????\xb4z??  1

---- EOF - GMER 1.0.15 ----

 

Themen zu Postbank Trojaner Legitimation den ChipTan Verfahrens
0x00000001, ?????, antivir, audacity, avgntflt.sys, avira, bho, bonjour, c:\windows\system32\rundll32.exe, canon, cdburnerxp, device driver, ebanking, error, excel, extras.txt, firefox, flash player, format, google, home, legitimation, load.exe, location, microsoft office word, mozilla, msvcrt, neu aufsetzen, ntdll.dll, object, office 2007, oldtimer, otl.txt, phishing, plug-in, popup, postbank, realtek, registry, rundll, saver, scan, searchplugins, security, security update, senden, shell32.dll, shortcut, software, starten, studio, super, svchost.exe, trojaner, usb 2.0, windows internet


« TR/Crypt.ZPACK.Gen2 Trojan wurde von Avira gefunden c:\windows\system32\sshnaS21.dll | Clean This Trojaner, NICHTS geht mehr ! »


Ähnliche Themen: Postbank Trojaner Legitimation den ChipTan Verfahrens


  1. 100-TAN-Trojaner Postbank
    Plagegeister aller Art und deren Bekämpfung - 23.08.2011 (4)
  2. Ausspähen persönlicher Legitimation - Onlinebanking - Trojaner
    Log-Analyse und Auswertung - 19.08.2011 (1)
  3. Postbank Trojaner
    Plagegeister aller Art und deren Bekämpfung - 21.06.2011 (10)
  4. Postbank Trojaner
    Log-Analyse und Auswertung - 17.05.2011 (3)
  5. Postbank Trojaner - Tan-Abfrage
    Plagegeister aller Art und deren Bekämpfung - 02.05.2011 (33)
  6. Postbank TAN Trojaner
    Plagegeister aller Art und deren Bekämpfung - 15.03.2011 (1)
  7. 20 TAN Trojaner Spardabank/Postbank
    Plagegeister aller Art und deren Bekämpfung - 22.02.2011 (9)
  8. Postbank Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.02.2011 (10)
  9. 40 TAN Postbank Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.01.2011 (6)
  10. Postbank 100 Tan trojaner
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (6)
  11. 20 TAN Postbank Trojaner
    Plagegeister aller Art und deren Bekämpfung - 30.12.2010 (29)
  12. Postbank 100 Tan Listen Trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.12.2010 (5)
  13. Hilfe !!! -Postbank Trojaner 40 Tan´s
    Plagegeister aller Art und deren Bekämpfung - 18.11.2010 (10)
  14. Postbank TAN-Trojaner
    Log-Analyse und Auswertung - 18.11.2010 (10)
  15. 30 TAN Trojaner (Postbank)
    Plagegeister aller Art und deren Bekämpfung - 06.10.2010 (17)
  16. Postbank Trojaner, 40 Tan's eingeben
    Plagegeister aller Art und deren Bekämpfung - 09.08.2010 (8)
  17. chipTAN-Verfahren der Sparkassen ausgetrickst
    Nachrichten - 23.11.2009 (0)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Postbank Trojaner Legitimation den ChipTan Verfahrens - Hallo, ich hatte gestern beim Versuch mich ins Onlinebanking der Postbank einzuloggen ein Popup, dass sich über das normale Layout gelegt hat, in dem ich aufgefordert wurde zu Legitimation des - Postbank Trojaner Legitimation den ChipTan Verfahrens...
Archiv
Du betrachtest: Postbank Trojaner Legitimation den ChipTan Verfahrens auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131